Am 26.03.2010 10:54, schrieb Chris Buechler:
[...]
Probably asymmetric routing. The flags default in newer PF versions in
FreeBSD 7.x (pfSense 1.2.1, 1.2.2, 1.2.3) is much more strict than it
was in FreeBSD 6.2 (pfSense 1.2). So if the firewall isn't seeing the
entire connection (such as only traffic in one direction), it's going
to kill that state as it can't properly track the connection state, it
looks like spoofed traffic.
The fix is to first figure out where the problem is, what's causing
the asymmetric routing. Then the solution will depend on the cause.
There are many possible causes depending on what's in your network.
I think it has to do with the routing. The problem occurs only if the
requests came via a static route.
Do you have an idea how to find out were the problem with asymmetric
routing is?
Regards
Bastian
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Commercial support available - https://portal.pfsense.org
